Authors

Topics

New Cybersecurity Legislation in Federal Budget

April 22, 2015

The budget announced by the federal government yesterday promises action on a long standing commitment to improve and enhance cybersecurity in Canada. The new initiatives, including investment to secure cyber infrastructure and the introduction of new cybersecurity legislation imposing cybersecurity obligations on operators of “vital cyber systems”, should change the cybersecurity landscape in Canada for years to come.

The budget documents detail the commitment of $58 million over 5 years to protect essential government cyber systems and critical infrastructure, including Internet network pathways and connections, from cyberattacks. This investment will focus on maintaining and improving the government’s ability to detect and repel cyber attackers from gaining access to these critical systems.

Of interest to clients and businesses will be the further $36.4 million has been committed over 5 years to protect “vital cyber systems” that Canadians rely on daily and are critical to national security. The scope of “vital cyber systems” is not yet clear, but it is widely expected that the legislation will focus on large companies in the telecommunications sector and Internet service providers.

The budget papers foreshadow the tabling of legislation that will require operators of these vital cyber systems to:

meet network security standards and implement cybersecurity plans;

meet “robust” security outcomes for their systems; and

report cybersecurity incidents to the federal government.

This also represents the first glimpse into the Protection of Canada’s Vital Cyber Systems Act, a piece of legislation that the government has been working on for almost a year.

These measures are a timely implementation of Canada’s Cyber Security Strategy, announced in 2010, and a response to a recent RCMP cybersecurity report supporting new policing measures and engagement with public and private sector organizations to keep pace in the digital era.

In documents recently tabled in the House of Commons, it was noted that data breach incidents are becoming more commonplace, with federal departments and agencies reporting more breaches: almost 4,000 in the 10 months between April 2013 and February 2014 alone, compared with just over 3,000 in the previous 10 years.

The 2015 budget signals the significant role that cybersecurity will play in the remaining months of this government’s term. However, an assessment of the impact of this cybersecurity policy on businesses will have to wait until the Bill is tabled before Parliament.

For a further discussion of the 2015 budget, see the analysis of our colleagues in our Financial Service Group, available here.